[Release] FreshJR Adaptive QOS (Improvements / Custom Rules / and Inner workings)

I'm sure they got it but if not me or v
This post has been edited a trillion times. It is worthwhile to reread it for latest discoveries!

Here's a quick investigation into Gaming download traffic, specifically Steam content.

Code:
steam download
   QOS container: "Others - 0x80130000" - (Would actually be Net Control without script over-riding rule 22)
   dscp: cs1 (0x20 = 0010 00)
   size: 1500
   src ip: varies, depends on the CDN
   IP options header: does not exist
   type: tcp
      sport: 443
      dport: dynamic ( ephemeral ports 49152-65535)
      data: encrypted, no discernible pattern

steam download
   QOS container: "Gaming"
   dscp: cs1 (0x20 = 0010 00)
   size: 1500
   src ip: varies, depends on the CDN
   IP options header: does not exist
   type: tcp
      sport: 80
      dport: dynamic ( ephemeral ports 49152-65535)
      data: no discernible pattern

CS:S
  QOS container: "Gaming"
  dscp: cs1 (0x20 = 0010 00)
  size: variable, but typically 100-600
  src ip: varies on the hoster
  IP options header: does not exist
  type: udp
     sport: dynamic ( typically 27015 27016, but depends on individual hoster configuration )
     dport: 27005
     data: patterns found

Data was parsed using wireshark.

As you can see, game downloads will go into either "Others" or "Gaming".
The results are the same for console game downloads.


As a workaround, use these two rules to supplement the existing gaming rule. (The original gaming rule is included in the code snippet below for reference.)

Code:
realtc filter add dev br0 protocol all prio 2 u32 match ip dst 192.168.1.100/30 match mark 0x80000000 0x8000ffff flowid ${Gaming}        #Gaming - Routes Unidentified Traffic into "Gaming", instead of "Others", for the LAN clients specified
realtc filter add dev br0 protocol all prio 2 u32 match ip dst 192.168.1.100/30 match ip sport 443 0xffff flowid ${Downloads}            #Gaming - Routes port 443 traffic (https), for specified LAN clients, into "Downloads"
realtc filter add dev br0 protocol all prio 2 u32 match mark 0x80080000 0xc03f0000 match ip sport 80 0xffff flowid ${Downloads}        #Gaming - Routes "Gaming" traffic coming from port 80 into "Downloads"
DO NOT FORGET to configure the IP range corresponding to your gaming devices on the gaming rule. 192.168.1.100/30 will have to be changed a total of 4 times. Your clients will need manual DHCP assignment.

This should work well for gaming devices since I do not think games are ever hosted on ports 80/443 themselves. Matchmaking is a different story, since that might be done on port 80/443, but we are more interested in prioritizing actual in-game traffic and NOT matchmaking, so it works out perfectly!

For those of you who also want an upload equivalent, try this.

Code:
iptables -D POSTROUTING -t mangle -o eth0 -s 192.168.1.100/30 -m mark --mark 0x40000000/0x4000ffff -j MARK --set-mark ${Gaming_mark}         #Gaming - Routes Unidentified Traffic into "Gaming", instead of "Others", from specified LAN devices in rule (line 1/2)
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.100/30 -m mark --mark 0x40000000/0x4000ffff -j MARK --set-mark ${Gaming_mark}        #Gaming - Routes Unidentified Traffic into "Gaming", instead of "Others", from specified LAN devices in rule (line 2/2)
iptables -D POSTROUTING -t mangle -o eth0 -s 192.168.1.100/30 -p tcp --dport 443 -j MARK --set-mark ${Downloads_mark}                         #Gaming - Routes port 443 traffic (https), from specified LAN clients, into "Downloads" (line 1/2)
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.100/30 -p tcp --dport 443 -j MARK --set-mark ${Downloads_mark}                        #Gaming - Routes port 443 traffic (https), from specified LAN clients, into "Downloads" (line 2/2)
realtc filter add dev br0 protocol all prio 2 u32 match mark 0x40080000 0xc03f0000 match ip dport 80 0xffff flowid ${Downloads}                  #Gaming - Routes "Gaming" traffic going to port 80 into "Downloads"

---

More advanced QOS rules are also possible. It should be possible to capture the results of the DNS lookups, insert those results into an ipset, and then mark those IPs in iptables with a desired QOS packet mark.

While these advanced rules sound simple, I am not familiar with how to set this up.

I see that the skynet script and selective routing for netflix threads use this method. This means there are significant resources available on this forum to learn how this method works and is implemented.

I would like to look into this when I have some time, but it won't be done anytime soon as QOS does everything I would like it to do.

Enjoy!!> The gaming rule struggle should be complete.
Thank you Fresh for all the hard work
 
Thank you FreshJR for all of your hard work! I have been running the beta 4 version for 2 days and only encountered error messages, such as "parse QOS failed..." or "QOS already running..", the very first time after restarting the router. Then everything runs smoothly and there are no more such messages.
 
Just in case it isn't clear. Since I have people asking me why their https youtube traffic is going into downloads. It is because of this rule.

#Gaming - Routes port 443 traffic (https), for specified LAN clients, into "Downloads"

If your designated IP range includes a PC that happens to be browsing the https version of YouTube, then don't be surprised when the rule is doing exactly what the comment said it would do. It places any https traffic into file downloads, but remember https is common for everything, including web surfing, streaming, VoIP, etc.

The original set of rules work well with consoles, due to two big assumptions made about traffic.

If you want a less aggressive version of the gaming rules that will also work well for PC general traffic, then you can use the following set of rules instead.

Download
Code:
realtc filter add dev br0 protocol all prio 2 u32 match ip dst 192.168.1.100/30 match mark 0x80000000 0x8000ffff flowid ${Gaming}        #Gaming - Routes Unidentified Traffic into "Gaming", instead of "Others", for the LAN clients specified
realtc filter add dev br0 protocol all prio 2 u32 match mark 0x80080000 0xc03f0000 match ip sport 443 0xffff flowid ${Downloads}          #Gaming - Routes "Gaming" traffic coming from port 443 into "Downloads"
realtc filter add dev br0 protocol all prio 2 u32 match mark 0x80080000 0xc03f0000 match ip sport 80 0xffff flowid ${Downloads}          #Gaming - Routes "Gaming" traffic coming from port 80 into "Downloads"

Upload
Code:
iptables -D POSTROUTING -t mangle -o eth0 -s 192.168.1.100/30 -m mark --mark 0x40000000/0x4000ffff -j MARK --set-mark ${Gaming_mark}     #Gaming - Routes Unidentified Traffic into "Gaming", instead of "Others", from specified LAN devices in rule (line 1/2)
iptables -A POSTROUTING -t mangle -o eth0 -s 192.168.1.100/30 -m mark --mark 0x40000000/0x4000ffff -j MARK --set-mark ${Gaming_mark}     #Gaming - Routes Unidentified Traffic into "Gaming", instead of "Others", from specified LAN devices in rule (line 2/2)
realtc filter add dev br0 protocol all prio 2 u32 match mark 0x40080000 0xc03f0000 match ip dport 443 0xffff flowid ${Downloads}         #Gaming - Routes "Gaming" traffic going to port 443 into "Downloads"
realtc filter add dev br0 protocol all prio 2 u32 match mark 0x40080000 0xc03f0000 match ip dport 80 0xffff flowid ${Downloads}          #Gaming - Routes "Gaming" traffic going to port 80 into "Downloads"


This changes the rule to only filter 443 traffic that simultaneously has a gaming mark assigned from the QOS engine. I'm not sure how often this will happen in practice. I am betting slim to none, due to the way https works. This is why I originally posted the more aggressive set of rules, since they will work best with consoles.

Quick recap:

First set of rules, best for consoles.
Second set of rules, okay for consoles but will work if a PC is included in the list.

You have to pick one or the other. If you pick the first set and include your PC, it will still work best for gaming BUT your PC's 443 traffic will go into downloads.
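
The difference between the two download rule sets, as an added example that is not part of the original posts or of the FreshJR script: it tests each rule's match clauses against constructed packets (destination, source port, mark) and lists the rules that match. The function names and sample packets are assumptions, the mark 0x80130000 is the "Others" value quoted earlier in the thread, and the ordering between matching tc filters is not modelled.

```shell
#!/bin/sh
# Added example: evaluates the match clauses of the thread's download rules.
# Each rule is tested on its own; ordering between tc filters is not modelled.

# (mark & mask) == value: the test behind "match mark VALUE MASK" and "--mark VALUE/MASK"
mark_match() { [ $(( $1 & $3 )) -eq $(( $2 )) ]; }

ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/LEN: true when IP lies inside the prefix
in_cidr() {
    len=${2#*/}
    netmask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
    [ $(( $(ip_to_int "$1") & netmask )) -eq $(( $(ip_to_int "${2%/*}") & netmask )) ]
}

# matched_rules SET DST SPORT MARK RANGE
# SET is "first" (aggressive rules) or "second" (less aggressive rules).
matched_rules() {
    out=""
    if in_cidr "$2" "$5" && mark_match "$4" 0x80000000 0x8000ffff; then
        out="$out unidentified->Gaming"
    fi
    if [ "$3" -eq 443 ]; then
        if [ "$1" = first ] && in_cidr "$2" "$5"; then out="$out 443->Downloads"; fi
        if [ "$1" = second ] && mark_match "$4" 0x80080000 0xc03f0000; then
            out="$out 443->Downloads"
        fi
    fi
    if [ "$3" -eq 80 ] && mark_match "$4" 0x80080000 0xc03f0000; then
        out="$out 80->Downloads"
    fi
    echo "${out# }"
}

RANGE=192.168.1.100/30   # a /30 covers .100 to .103 only
# Constructed packets: rule set, destination, source port, mark
matched_rules first  192.168.1.101 443 0x80130000 "$RANGE"
matched_rules second 192.168.1.101 443 0x80130000 "$RANGE"
matched_rules first  192.168.1.104 443 0x80130000 "$RANGE"
matched_rules second 192.168.1.50   80 0x80080000 "$RANGE"
```

The third packet matches nothing because 192.168.1.104 falls outside the /30, which is the usual cause of a client not being picked up by these rules.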
 
Paste your output of

Code:
 cat /jffs/scripts/firewall-start

Sounds like the script isn't launching due to an improper entry.

There should be two messages after turning on QOS related to the script.

---

There was a typo in beta2 for the additional error message. An update is going to be released today.

Thank you for your hard work and dedication to this script. I have it installed along with skynet and seems to be working great. I may take some additional tuning steps to add the game consoles in later, but for now I just have your defaults running.
 
Does it require both files from page 41 for this to work, or just one or the other with select commands as well? I'm gonna give it a try, but so far just the beta4 file and matching instructions are giving errors about faketc not being installed.. update.... 5 min into using it, all my gaming data is going to default, whereas 192 worked perfectly... I'm so exhausted from messing with this Asus, I'm about done I think guys.

OK, after clearing everything off and installing both files (beta4 and faketc) it appears to be working, yay! Sorry for the freak out, I'm just so tired of constantly messing with this thing lol
 
Yes requires both and just copy commands after
 
Can this be installed on 384.3_beta3 ?
 
Hello,

I followed the steps but when I put the QOS back on I get this in the log:

Feb 15 16:11:17 kernel: ERR[qos_start:3344] QoS is already started!
Feb 15 16:11:17 kernel: ioctl_iqos_op_switch(1) fail!
Feb 15 16:11:20 kernel: ERR[parse_qos_conf:932] Can't set new QoS conf while QoS is started!
Feb 15 16:11:20 kernel: ERR[ioctl_iqos_op_config:3592] parse qos_conf error!!
Feb 15 16:11:20 kernel: ioctl_iqos_op_config() fail!
Feb 15 16:11:20 kernel: ERR[qos_start:3344] QoS is already started!
Feb 15 16:11:20 kernel: ioctl_iqos_op_switch(1) fail!

Can someone help?
 
Did you edit the script? And what version are you using beta 4?
 
Hello,

Yes, I'm using Beta 4. No, I didn't edit the script. Do I have to do it?
No, you don't, unless you want the strict gaming rules which Fresh posted. I can send you the script which I edited with the rules Fresh created. So here's what you do: go ahead and update the signature in the firmware upgrade section and reboot the router, and if those errors pop up just ignore them. I was getting those errors also, that's why Fresh created a beta 4.
 
Hello,

The signature is up to date. If you can send me the script, that would be nice.

Thanks
 
For consoles the IP range is 192.168.1.4 to 192.168.1.7, so make sure your console or PC that you game on is in the range. You can just give it the fixed IP address on Merlin. Hope this helps guys, because Fresh is tired of explaining, so this is pretty much set up for you. He helped me also because I did not know where to edit, so you can thank him.
 

Attachments

  • FreshJR_QOS_beta4.txt
    23.6 KB · Views: 382
Thanks (FreshJR, 1219chicho)
 
Hello,

Thanks a lot. I presume that if I change your IP 192.168.1.4 to my PS4 IP that will work, correct? Also, since I have 2 PS4s, can I copy and paste those lines to match my second PS4?

Thanks
 
Yes, on your PS4 or on the router just change the IP address to 192.168.1.4, and if you have other consoles change to 192.168.1.5 and so on. It's from 192.168.1.4 to 192.168.1.7; only those 4 are for gaming.
 